Opera's password management is better than Firefox's for one simple reason: you have to initiate (with a keypress) the entering of the password.
Someone did a proof-of-concept where using JavaScript and XSS, they could steal passwords from Firefox, since it automatically enters it in when viewing the page. I can't find it now, but I'm pretty sure that I read about it here on Slashdot.
If every piece of software followed this philosophy, we'd be in big trouble.
"Memory is cheap, what's the big deal about half a gig dedicated to office software?" "Memory is cheap, what's the big deal about half a gig dedicated to instant messaging?" "Memory is cheap, what's the big deal about half a gig dedicated to e-mail clients?" "Memory is cheap, what's the big deal about half a gig dedicated to a music player?"
With your browser statement, that's 2.5 gigs! My machine wouldn't be able to handle that.
Huh. Sure enough, it does. I would have sworn that it didn't work (interpolating $foo as the variable and ->{bar} as part of the string.) Maybe I was just thinking of the function case.
This is something that bugs me about lots of Open Source Software. Although some get it right by maintaining a security branch, far too many mix patches and new features in the same branch. It goes beyond just the possibility of introducing new bugs--it changes program functionality into something untested.
The best way of doing it (in my opinion) is to set your target features, code to that target, branch, and move on if you want more features. Fix security issues in the old branch so that I don't have to upgrade and get the new features. If you want to maintain a beta branch that fixes security issues while adding features, that's fine, but it should clearly be beta, and it'd be nice if the release cycle was reasonably consistent.
So a RHN satellite isn't like a MS Update server? See, with RHEL, you get to patch the machines on your own schedule, and if there's an exploit, then I bloody well want to (and might even get permission to) patch it today. I can have my own "patch Tuesday" every bloody week if I want. It's a different idea of security. It goes like this: once the patch is released, it's trivial to reverse-engineer the changes to find the flaw. Once that happens, many more people will write exploits for it. By releasing patches on a fixed schedule, businesses can plan around that schedule so that they aren't blindsided with a major vulnerability that needs to be tested and deployed. A company which is concerned with security can plan, every Tuesday, to see which patches came out and evaluate whether or not they should be deployed. With an erratic schedule, one might delay patching because you've scheduled other, high-priority activities for that day, and that delay could lead to a compromise.
It's sound logic, honestly, but it's mostly only necessary since Windows is as cobbled together as it is. It's pretty rare that security updates in the Linux world break the operation of the machine. When I still used Windows (several years ago), it was pretty much expected.
The issue is: should a bug that is a potential hole in a free tool, which they happen to include and which will realistically never even be exposed let alone exploited, be considered with the same weight as a hole in a service actually running and exposed on Windows? What about a hole in IE, which MS includes, but whose vulnerabilities were not included in this "study" as counting against Windows? Absolutely not. A vulnerability in calc.exe does not have the same weight as a vulnerability in iexplore.exe. A hole in the Apache shipped with OS X does not have the same weight as a hole in Safari. And now we'll cross the OS boundary--a hole in Samba shipped with OS X does not have the same weight as a hole in Internet Explorer. In each case, one of the bugs is much more likely to be exploitable--and thus exploited, even if all of them lead to the same malicious code execution. That's why it's asinine to judge the security of an OS by the number of vulnerabilities (or worse, by the number of patches, as one patch may address multiple vulnerabilities.)
Vista is flat-out better than OSX. That's flat-out opinion.
The interface is better Usually, when I hear this, what I really think a person means is, "The interface is more Windows-like." Most computer users learned about them on Windows--it was probably their first computer experience[1]. That's what's familiar, and although Windows does change the interface quite regularly, it's always got quite a bit in common with the previous generation.
Generally speaking, I find the OS X interface to be simpler, which I like. It's easier to do more advanced things with the Windows graphical shell, but with a single OS X addon, it wins hands down in my book: Quicksilver.
Widget implementation is poor on both systems. Personally, I rather like OS X widgets. They're unobtrusive because they're only there when you want them (when you hit F12 or whatever hotkey you assign to display them.) When I used Vista, I just felt like the widgets were getting in my way. You can Show Desktop, but there's not as clear a delineation between the widgets and the background, and Show Desktop has always been pretty flaky for me (inconsistent in its behavior, sometimes failing to hide windows or oddities.)
IE is mediocre. FF memory leaks. Opera for the win. I wish FF or Opera had native 64-bit though. We're in total agreement, here. I just wish that Opera was more easily extensible, and that it had half of the development community for add-ons that Firefox has.
[1] Except for old farts who used something pre-DOS--my first experiences with computers were Commodore 64s and Apple IIe.
Collectively those low-level workers are the huge faceless system. And what I'm trying to point out is that those people do have faces. They have families, insecurities, fears, hopes, dreams, and they do not want to have their every move scrutinized. I may be in the minority, but I really feel sorry for celebrities who can't even step outside without having people watching them, looking for any mistake they make so that they can publicize it on the Internet. Now imagine that space isn't a consideration, that they just have a webcam on them any time that they're not at home, and that any yahoo on the Internet can be the one to find that nip slip or other embarrassing moment and post it all over the web for all the world to see. That's not the kind of society that I want to live in. I wouldn't wish such a situation on any person.
There's no employee doing something they couldn't twist for gain, or just slack off and not do. If we can't watch the pieces and nobody's accountable we can't trust the system.... Constitutional best-wishes aside, governments still aren't based on the concept of individual freedom. Do you see how you're perpetuating the issue? You make the claim that governments aren't about individual freedom, and you would make such a statement come true by requiring loss of what little privacy we have during working hours.
Regardless, you can look at outcomes to whether there is waste or espionage. There are ways to do it that don't involve a camera on the person.
The president is an open liar. Caught. Proven. He's still doing it. What kind of accountability can there be in a system where we can't watch over the fucker's shoulder and *see* what he's doing? If anything, this should show the futility of such a system. There is (alleged) hard evidence that a man paid from your taxes is not doing his job correctly, and yet nothing is being done about it.
Many people, from hair-dressers to bank employees are always watched while they work. The jobs are still popular, so it's likely not that onerous. Well, this is a problem of scale and intent. A handful of people have access to the security cameras at these businesses, as opposed to the entire world. And they're typically used for evidence after a crime has been committed, rather than to watch people in real-time.
How interesting do you think some clerk doing a good job of filing is going to be to watch? Many laws are written ambiguously because "It will never be used outside of this scope." Then, inevitably, they are. Who would think that a person documenting every tedious aspect of his life would be popular? Yet there have been multiple sites like Jennicam where this was done.
And this doesn't even get into issues of stalking.
Like I said, you're a more rational person than most. There are sites devoted to humorous random webcam images, humorous Google Street View images, etc. I'm fairly certain that if such a plan were enacted, there would be a page devoted solely to finding government employees picking their noses, for example. Individuals are still entitled to some amount of privacy, even when they're on the job, and even when they're on the clock for the people.
Then, of course, there's the possibility of sensitive information being leaked--if you work for a university which receives federal funding (thus requiring that video camera on you) and you have to pull up student records, FERPA information could leak.
It's pretty hard to draw solid lines in issues like this. Much like pornography, "I'll know it when I see it." The appropriateness of being able to monitor a person's working life ought to be directly proportional to the amount of danger abuse of their power can pose. Purely economic reasons just aren't good enough to me--although money is certainly important, if the only damage they can do is waste taxpayer money, I'd prefer that privacy win out, and that their bosses evaluate their work. It's a system that is already in place, and that works pretty well.
It's reasonable to watch police--they have a huge amount of authority and power, and not much in the way of accountability. It's reasonable to watch politicians, as their actions directly affect the lives of everyone in the country. It's probably not reasonable to watch a student worker in a computer lab at a university. The line is somewhere between police and that student worker. If you can find a good place to draw it, I'd be all ears.
And I don't have a problem with Slashdot or some mental breaks (such as this slow as heck week when 1/2 the office is gone). If I'm watching a government employee I'm not going to be calling their boss every time I don't see them typing. The problem is that you are more rational than most people.
I keep seeing a common theme of "well they're going to catch me slacking." The summary has nothing to do with catching people slacking off. It has everything to do with catching people abusing power. Right. Well most low-level government employees have almost no power. There's no point to having video cameras pointed at all of them.
The leaf that is this post came from the branch containing this one, which postulated that even graduate students doing work would be watched, and this one which suggested that it was perfectly reasonable.
The entire point of my post was, if I'm paying for it (or even just part of it) I should have access to it. I just don't think that I can agree with this in the general case.
So it may be unreasonable to go stand over the shoulder of the grad student. But if I paid for his research and as long as it's not a matter of national security. I should be able to get a PDF of whatever he worked on. I should be able to look at all the data and go "cool, I paid for this". But this is perfectly reasonable, in my book.
I guess it comes down to privacy and recognizing that the people who work for the government are still individuals. I think that it's perfectly reasonable to have access to works that were paid for involuntarily through your taxes. I don't think it's reasonable to have a camera pointed at a government worker 100% of the time that they're doing anything work-related.
It's hard to define or even prove waste in some jobs. There are studies suggesting that short breaks (reading Slashdot?) during the day actually increase productivity overall. Most good managers realize that keeping their workers happy and productive means not riding them constantly and giving them leeway with their time on the job.
Although we all may be paying a government worker's salary, that doesn't mean that we are all, collectively, that person's boss. The only time that I don't believe this is when it's an elected position, or a position where the person holds a disproportionate amount of power over citizens. It makes a great deal of sense to allow the people access to politicians--maybe not in their offices all the time, but certainly any time they're making decisions regarding laws and procedures for the US.
Abstracted as it is, it's not such a terrible design. It's only if key elements are left out (using SSL to verify that both sides are talking to the right host, for example) that you hit snags.
Do you disagree with the usage of software like CFEngine and Puppet? They work in an identical fashion. The key difference is who controls the server which issues the updates, however even then, most people blindly take updates to their OS, so the same trust issues apply there.
Absolutely, however people who buy into the Apple Lifestyle (they buy Apple computers, Apple access points, etc.) will have a pretty seamless 802.11n experience. Everyone else will have to make sure that they have a card that supports it, an AP that supports it, etc.
I've been tempted to move up to 802.11n for a few years, and then fall back on 802.11g once .11n becomes ubiquitous (just like I did with my land line phone, which is an older 900MHz wireless model.) If I lived in a more congested area, it would be a no brainer.
You can configure it that way, it's just not nearly intuitive:
http://my.opera.com/SirJeff/blog/2007/03/22/close-tabs-similar-to-firefox
Probably because people don't read the damn standards.
That's a bad example, because you could have easily said print "$foo\n";.
It gets more complex when you're using more complex structures: print "Looking up ", $foo->{bar}, ": could not find ", $bar->{baz}, "\n";.
You can if you add goto into the mix, but it's not nearly as elegant.
You can do fall-through in if-else with liberal use of GOTO, however it's pretty ugly.
Changing the order of case evaluation can break things. Remember, you don't always have to break; before your next case:.
I don't know--how hard is it to implement Duff's Device with if instead of switch?
Preach on!
I'm glad someone pointed this out.
Beyond that, you can't just trust logs. They are easily modified or wiped, if the attack was successful.
Well, there's WSUS, but it still ultimately gets packages from Microsoft. I wonder if one could figure out how to add your own updates.
Right, but I can say the same thing as Nintendo.
Because I don't have 1000 Wiis, I'm losing money by not being able to sell them on eBay.
Does that help explain the flawed premise? It's money I never had. I have lost nothing, I'm just not achieving equilibrium on the supply/demand curve.
Nintendo's loss is solely in opportunity. It is not money which they once had, and now do not.
Perhaps he borrowed a Wii for the purpose of completing Twilight Princess? Or he mis-typed and meant that he'd completed it on the Gamecube.
That's what they want you to think.